mahara-contributors team mailing list archive

Thread
Date

[Bug 932909] Re: auth/saml default remoteuser

To: mahara-contributors@xxxxxxxxxxxxxxxxxxx
From: François Marier <francois@xxxxxxxxxx>
Date: Wed, 15 Feb 2012 22:09:46 -0000
Reply-to: Bug 932909 <932909@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

BTW Piers, we use "fix committed" only when the fix has been merged onto
the final branch. While it's in review, we use "in progress".

** Changed in: mahara
       Status: Fix Committed => In Progress

** Changed in: mahara
   Importance: Undecided => Critical

** Changed in: mahara
    Milestone: None => 1.3.8

** Also affects: mahara/1.4
   Importance: Undecided
       Status: New

** Changed in: mahara/1.4
    Milestone: None => 1.4.2

** This bug has been flagged as a security vulnerability

** Changed in: mahara/1.4
       Status: New => Confirmed

** Changed in: mahara/1.4
   Importance: Undecided => High

** Changed in: mahara
   Importance: Critical => High

** Tags added: saml

-- 
You received this bug notification because you are a member of Mahara
Contributors, which is subscribed to Mahara.
https://bugs.launchpad.net/bugs/932909

Title:
  auth/saml default remoteuser

Status in Mahara ePortfolio:
  In Progress
Status in Mahara 1.4 series:
  Confirmed

Bug description:
  The auth/saml plugin should have the option "Match username attribute
  to Remote username" defaulted to true, as this presents a risk in
  multi-tenanted Mahara instances (different institutions may clash on
  usernames so the default behaviour should be to match on the external
  one).

To manage notifications about this bug go to:
https://bugs.launchpad.net/mahara/+bug/932909/+subscriptions

References

[Bug 932909] [NEW] auth/saml default remoteuser
From: PiersHarding, 2012-02-15